Best Practice: SOX Policy Guide

Learn how to establish or enhance a SOX policy for models and end user applications used in financial reporting processes.

SOX policy guide cover image

SOX Section 404 Policy – ICFR

This guide provides best practices for establishing or enhancing a SOX policy for models and end user applications used in financial reporting processes.

While the general framework presented in this guide can be applied to most regulatory standards, it is tailored to addressing internal control over financial reporting (ICFR) for SOX Section 404.

To create an effective SOX policy, three components must be addressed:

  1. People
  2. Process
  3. Technology

This document considers all end user computing (EUC) applications, but at times refers to Excel spreadsheets specifically. Spreadsheets are the most ubiquitous EUC type in organizations due to Excel’s availability, familiarity, utility, and processing strength.

Please fill out the form below to download this best practice guide.